Personal Identification Number (PIN) Security Tips
What is a PIN? How to Create and Remember Strong PINs
What is a PIN?
A personal identification number (PIN) is a security code for verifying your identity. Similar to a password, your PIN should be kept secret because it allows access to important services (like the ability to withdraw cash, view or change personal information, and more). Unlike a typical password on your bank account, a PIN is numeric only – there are no letters or other characters in a PIN.
PINs are most commonly used for financial transactions and (historically) student loans, but they can be used for anything from unlocking a door to unlocking a phone.
PINs are sometimes called “pin numbers,” which is redundant because the word "number" is already included in “PIN.”
ATM PINs: When you get cash from an ATM using a debit or credit card, you need to enter a PIN to prove that you're authorized to make the withdrawal. The PIN serves as a secondary form of verification (anybody could have possession of the card, but only you should know the PIN that works with the card). In many cases, your PIN is a four-digit number, such as 1234 (obviously you’d want to use a PIN that is harder to guess, and there are several tips on that below).
Card purchase PINs: You might also need to use a PIN to make a purchase using your debit or credit card at a retailer. Again, the PIN proves that you are authorized to use the card.
In the United States, chip-enabled credit cards sometimes require a PIN at checkout, but a signature is more common. In other countries, entering a PIN is the norm – and some cards issued in the US are not compatible with those payment systems (so check with your bank before you take your card out of the country).
When you pay with a debit card and choose “Debit” at checkout, you’ll need to enter a PIN.
Other uses: Aside from PINs you set up with your bank or credit union, almost any organization you work with might ask you to establish a PIN. The concept is similar — your PIN is a secret code that verifies your identity. For example, you might need a PIN to:
- Access your 401k account for the first time
- Make changes to your mobile phone account (address or service plan)
- File and pay taxes electronically
Because PINs protect sensitive information (and your cash), you’ll want to use a PIN that is difficult to guess. Avoid including the following items in your PIN:
- Simple number sequences like 1234 or 0000 (including repetition: 1122 or 2233)
- Significant dates such as your birth year or spouse’s birthday
- Any part of your Social Security Number
- Any part of your address or phone number
Longer PINs are safer than shorter PINs because there are more possible combinations of digits. For example, if you use a four-digit PIN, there are 10,000 possible variations (starting with 0000, 0001, 0002, and so on).
With a six-digit PIN, there are one million possible codes, so it’s harder for thieves and computer programs to successfully guess your PIN.
When you have the option, go with a longer PIN. Some systems default to a four-digit PIN, but you can choose to use a longer one (on iPhones, for example). Length pays off because most security systems lock your account (at least temporarily) after three or so unsuccessful attempts. This gives you and your bank a chance to figure out what’s going on, and it keeps progress painfully slow for anybody trying to guess your PIN.
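The rules above can be applied on the issuing or validating side. The following is an added example (not code from the article): it screens a candidate PIN against the weak patterns listed, against whatever dates and personal numbers it is handed, and reports the guess space for the chosen length. The function names and the sample date and phone number are assumptions of this example, and the sample values are constructed.

```python
from datetime import date
from math import ceil

MIN_LEN, ATTEMPTS_BEFORE_LOCK = 4, 3  # article: four digits is common; lock after "three or so" tries
# Constructed sample data for the checks below (not real personal information).
SAMPLE_DATES = (date(1946, 11, 15),)
SAMPLE_NUMBERS = ("555-314-1592",)

def is_sequence(pin):
    """1234 or 9876 style runs: every step is +1, or every step is -1."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def is_repetitive(pin):
    """0000, or digits doubled in pairs such as 1122 and 2233."""
    if len(set(pin)) == 1:
        return True
    pairs = [pin[i:i + 2] for i in range(0, len(pin) - 1, 2)]
    return len(pin) % 2 == 0 and all(p[0] == p[1] for p in pairs)

def date_forms(d):
    """Digit strings a PIN is often lifted from: YYYYMMDD, MMDDYY, DDMMYY."""
    yy = d.year % 100
    return (f"{d.year:04d}{d.month:02d}{d.day:02d}",
            f"{d.month:02d}{d.day:02d}{yy:02d}",
            f"{d.day:02d}{d.month:02d}{yy:02d}")

def digits_only(text):
    return "".join(ch for ch in text if ch.isdigit())

def screen_pin(pin, dates=(), personal_numbers=()):
    """Return the list of violated rules; an empty list means the PIN passes."""
    if not pin.isdigit():
        return ["not numeric"]
    reasons = []
    if len(pin) < MIN_LEN:
        reasons.append("too short")
    if is_sequence(pin):
        reasons.append("simple sequence")
    if is_repetitive(pin):
        reasons.append("repeated digits")
    if any(pin in form for d in dates for form in date_forms(d)):
        reasons.append("derived from a significant date")
    if any(pin in digits_only(n) for n in personal_numbers):
        reasons.append("part of a personal number")
    return reasons

def guess_space(pin):
    """Possible codes of this length, and how many lockouts trying them all would trigger."""
    codes = 10 ** len(pin)
    return codes, ceil(codes / ATTEMPTS_BEFORE_LOCK)
```

A bank would pass the customer's own date of birth and phone number in place of the constructed samples; the checker itself never needs to store them.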
Keep it Secret, but Accessible
Because the PIN authorizes you (or whoever knows it) to access sensitive information, it's essential to keep the number secret. Protect it, and never write it on your ATM or debit card – thieves know to look for four-digit codes written on the back of stolen cards.
Hide PIN entry: When you enter your PIN at an ATM or cash register, cover the keypad with your free hand so that nobody can see what you type in. Thieves can install hidden cameras on ATMs and other devices (like gas pumps) for recording PINs. If you want to be extra safe, touch some of the other keys after you enter your PIN to thwart heat-sensitive cameras and other tactics.
Easy vs. secure: PINs can be hard to remember – especially if you’ve got a stack of debit cards. This creates a challenging situation: Strong security measures are harder to use. As a result, you may be tempted to take shortcuts (like re-using the same PIN or using numbers from your birthday). Fortunately, there are several tricks that make it easy to store PINs safely (while making them easy to access or remember).
Password managers: Especially if you have multiple PINs, it may be helpful to have a record of each PIN and account. Password managers are useful tools for doing this (don’t just keep a sticky note on your monitor or in your wallet). Develop and remember a strong password for the password manager, and then you can look up your PINs whenever needed.
Below, we’ve described several ways to create good PINs and make them easy to use.
The Word Method
One way to create and remember a PIN is to create it from a word.
Think of the letters printed next to the numbers on a telephone keypad. Have you ever used the "dial-by-name" option to find somebody in a company's phone directory? It uses the same mapping. If you spell a word on the keypad and use the resulting digits as your PIN, it will be easier to remember.
For example, the word "word" converts to the PIN 9673 (the W is on the 9, the O is on the 6, and so on).
A disadvantage of word PINs is that automated hacking programs can use words from the dictionary in a brute-force attack. However, most banking systems will lock them out after just a few unsuccessful attempts. You could also use an acronym – a series of letters that means something to you but isn’t a word found in any dictionary.
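The keypad mapping behind the Word Method, as an added example (not code from the article). It converts a word or acronym to its PIN and groups a word list by the PIN each word produces, which shows why word PINs are a small set: several words land on the same digits ("word" and "yore" both give 9673). The function names and the sample word list are assumptions of this example.

```python
# Letters printed on a standard telephone keypad (1 and 0 carry no letters).
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: digit for digit, letters in KEYPAD.items() for ch in letters}

def word_to_pin(word):
    """Spell a word or acronym on the keypad; rejects anything that is not a letter."""
    try:
        return "".join(LETTER_TO_DIGIT[ch] for ch in word.upper())
    except KeyError as exc:
        raise ValueError(f"{word!r}: {exc.args[0]!r} has no keypad digit") from None

def pin_groups(words):
    """Group words by the PIN they produce; every word in a group yields the same PIN."""
    groups = {}
    for w in words:
        groups.setdefault(word_to_pin(w), []).append(w)
    return groups

def distinct_pin_count(words):
    """How many different PINs a list of words actually turns into."""
    return len(pin_groups(words))

# Constructed sample word list (not a real dictionary); case does not matter on a keypad.
SAMPLE_WORDS = ("word", "yore", "bank", "cash", "pins", "PINS")
```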
The Date Method
Another way to create and remember a good PIN is to build it from significant dates. For example, if your birthday is November 15th, 1946, you can create a PIN derived from your birthday. You might use 1115 (for the eleventh month and fifteenth day). You might also try 1546.
The disadvantage of this method is that somebody who knows you may be able to guess your PIN with their knowledge of your personal life. Plus, thieves can easily find your date of birth and other personal information online – through social media, free databases, and stolen data for sale online. For best results, mix up the numbers: Use part of a date with part of a different number (your address or shoe size, for example).
The Cell Phone Friend Method
Your mobile phone probably has dozens or hundreds of contacts.
Add a new fake contact, and hide your PIN within that contact's phone number. For example, if your PIN is 1212, you’d add the phone number 555-123-1212 (but use a local-looking phone number – not the fictitious 555 area code). This is the concept of “hiding in plain sight.”
A drawback to this method is that you could lose your phone or have a dead phone battery. Plus, it’s not safe to fumble with your phone every time you go to the ATM — you want to be quick and move on.
The Addition Method
Another way to randomize your PIN is to add numbers to an easily remembered number. For example, you might add one to each digit of the base PIN. If you start with "1234," you add one to each position and end up with "2345." Of course, this is an oversimplified example, and you'll have to get more creative for any meaningful security.
What If You Don't Know Your PIN?
If you don’t know your PIN, you might still need to get it from your financial institution. In many cases, you do not get to choose your initial PIN – it will be mailed to you separately from any cards (in case your card gets stolen from the mail). You’ll typically have the option to change your PIN, and you might be required to do so.
However, some banks allow you to choose your PIN yourself as your card is printed.
When you lose or forget your PIN, you’ll need to reset it. This is generally done by mail or with a visit to a bank branch (assuming the PIN is for your bank account).